Date: Mon, 10 Nov 2008 10:20:41 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: libcdaudio



On Wed, 5 Nov 2008, Thomas Biege wrote:

> Hello,
> we need a CVE-ID for a buffer overflow in libcdaudio.
> It is a remotely exploitable heap-based buffer overflow.

Out of curiosity, what makes it remote?

Use CVE-2008-5030

- Steve

======================================================
Name: CVE-2008-5030
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5030
Reference: MLIST:[oss-security] 20081105 CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/05/1
Reference: MLIST:[oss-security] 20081107 Re: CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/07/1
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442
Reference: BID:32122
Reference: URL:http://www.securityfocus.com/bid/32122

Heap-based buffer overflow in the cddb_read_disc_data function in
cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute
arbitrary code via long CDDB data.

